Filtered by vendor Tenda
Subscribe
Total
1240 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-31755 | 1 Tenda | 2 Ac11, Ac11 Firmware | 2025-04-03 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setmac allows attackers to execute arbitrary code on the system via a crafted post request. | |||||
| CVE-2025-29137 | 1 Tenda | 2 Ac7, Ac7 Firmware | 2025-04-01 | N/A | 9.8 CRITICAL |
| Tenda AC7 V1.0 V15.03.06.44 found a buffer overflow caused by the timeZone parameter in the form_fast_setting_wifi_set function, which can cause RCE. | |||||
| CVE-2025-29118 | 1 Tenda | 2 Ac8, Ac8 Firmware | 2025-04-01 | N/A | 6.5 MEDIUM |
| Tenda AC8 V16.03.34.06 was discovered to contain a stack overflow via the src parameter in the function sub_47D878. | |||||
| CVE-2025-29100 | 1 Tenda | 2 Ac8, Ac8 Firmware | 2025-04-01 | N/A | 9.8 CRITICAL |
| Tenda AC8 V16.03.34.06 is vulnerable to Buffer Overflow in the fromSetRouteStatic function via the parameter list. | |||||
| CVE-2025-29135 | 1 Tenda | 2 Ac7, Ac7 Firmware | 2025-04-01 | N/A | 9.8 CRITICAL |
| A stack-based buffer overflow vulnerability in Tenda AC7 V15.03.06.44 allows a remote attacker to execute arbitrary code through a stack overflow attack using the security parameter of the formWifiBasicSet function. | |||||
| CVE-2025-29121 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-03-28 | N/A | 7.5 HIGH |
| A vulnerability was found in Tenda AC6 V15.03.05.16. The vulnerability affects the functionality of the /goform/fast_setting_wifi_set file form_fast_setting_wifi_set. Using the timeZone parameter causes a stack-based buffer overflow. | |||||
| CVE-2024-46429 | 1 Tenda | 2 W18e, W18e Firmware | 2025-03-28 | N/A | 8.8 HIGH |
| A hardcoded credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management portal using a default guest account with administrative privileges. | |||||
| CVE-2023-24170 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-03-28 | N/A | 9.8 CRITICAL |
| Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/fromSetWirelessRepeat. | |||||
| CVE-2023-24169 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-03-28 | N/A | 9.8 CRITICAL |
| Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/FUN_0007343c. | |||||
| CVE-2023-24167 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-03-28 | N/A | 9.8 CRITICAL |
| Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/add_white_node. | |||||
| CVE-2023-24166 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-03-28 | N/A | 9.8 CRITICAL |
| Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/formWifiBasicSet. | |||||
| CVE-2023-24165 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-03-28 | N/A | 9.8 CRITICAL |
| Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/initIpAddrInfo. | |||||
| CVE-2023-24164 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-03-28 | N/A | 9.8 CRITICAL |
| Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/FUN_000c2318. | |||||
| CVE-2025-29149 | 1 Tenda | 2 I12, I12 Firmware | 2025-03-27 | N/A | 7.5 HIGH |
| Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the ping1 parameter in the formSetAutoPing function. | |||||
| CVE-2024-44551 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2025-03-26 | N/A | 9.8 CRITICAL |
| Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formGetIptv. | |||||
| CVE-2022-48130 | 1 Tenda | 2 W20e, W20e Firmware | 2025-03-26 | N/A | 9.8 CRITICAL |
| Tenda W20E v15.11.0.6 was discovered to contain multiple stack overflows in the function formSetStaticRoute via the parameters staticRouteNet, staticRouteMask, staticRouteGateway, staticRouteWAN. | |||||
| CVE-2025-29218 | 1 Tenda | 2 W18e, W18e Firmware | 2025-03-26 | N/A | 6.5 MEDIUM |
| Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack overflow in the wifiPwd parameter at /goform/setModules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||||
| CVE-2024-46434 | 1 Tenda | 2 W18e, W18e Firmware | 2025-03-25 | N/A | 8.8 HIGH |
| Tenda W18E V16.01.0.8(1625) suffers from authentication bypass in the web management portal allowing an unauthorized remote attacker to gain administrative access by sending a specially crafted HTTP request. | |||||
| CVE-2024-46433 | 1 Tenda | 2 W18e, W18e Firmware | 2025-03-25 | N/A | 8.8 HIGH |
| A default credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management portal using the default rzadmin account with administrative privileges. | |||||
| CVE-2024-46432 | 1 Tenda | 2 W18e, W18e Firmware | 2025-03-25 | N/A | 8.8 HIGH |
| Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. An attacker can send a specially crafted HTTP POST request to the setQuickCfgWifiAndLogin function, which allows unauthorized changes to WiFi configuration settings and administrative credentials. | |||||